A few SITES keep giving me problems. Help!!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BigDaveinNJ

Thread Starter
Joined
Jun 9, 2000
Messages
898
I have this really strange problem with my PC that keeps happening several times per week.

There are a handfull of my favorite sites, (GOOGLE, CBS SPORTSLINE, WEB-ATTACK and even TSG FORUMS) that when I try and go to them.... the status bar will flash a few times and then I get the page with cannot find server where they say there may be problems with the site.

When this happens.... I cannot access these sites even manually by typing in the addy..... It's ONLY these four sites that do this. This happens several times per week.

Usually, I can fix this by going into CP/add-remove programs/ and choosing the option to REPAIR IE 6. Sometimes I have to repeat the process a few times, but it will fix the prob.

This is so damn annoying. These 4 sites just happen to be the ones I visit the most, so it's a real pain to me.

I regularly clean out my temporary internet files, history etc.... and have all the spyware controllers like AD-AWARE, SPYBOT, etc... etc... and use them on a regular basis.

I have even had a laptop running along with my desktop and all 4 sites load just fine..... so there is no trouble with the sites.

Any educated guesses as to what may be happening here? Why only these 4 sites, and why can I fix it most of the time by repairing IE6? And... most importantly, how can I fix it PERMANENTLY? because it's driving me nuts to have to fix it all the time.

Thanks in advance :)

DAVID

AMD-K6 500 Mhz, Win98se,IE6 and Netzero is my dial-up ISP.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

BigDaveinNJ

Thread Starter
Joined
Jun 9, 2000
Messages
898
OK... here are the results of the HIJACK-THIS scan.......

Logfile of HijackThis v1.97.2
Scan saved at 2:35:07 PM, on 11/7/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DAVES' INTERNET EXPLORER
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\PROGRAM FILES\YAHOO!\COMMON\YCHECKH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_2_3_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [Invisible! 2001] "C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE"
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: FastDNS (HKLM)
O9 - Extra 'Tools' menuitem: &FastDNS (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Wallpaper (HKLM)
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5} - http://downloads.excite.com/images/nocache/platinum/x8initialsetup1.0.0.2.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.844224537
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Please note............

I have ran this scan in here several times before and made the reccomended changes and it will always help with things like homepage changing, hanging and all that stuff but this being unable to go to those 4 sites several times per week has been consistent.

It's more of a pain in the neck than anything.... and yet I haven't read about anything even similar to this in any of these forums.

Thanks for the help so far. :)

DAVID
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html


what conmcerns me is that 98 doesn't have a C:\WINDOWS\system32 folder, that only comes in Win2000/xp and upwards

can you go to C:\WINDOWS\system32 using windows explorer and see if there are any other files in the folder, if so how many and what are they called

it definitely looks like a nasty masquerading as a windows file
also go to c:\windows\hosts open it in notepad and see what entrries are in it, copy and paste that foile to the forum if it has any entries at all
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
and are you using aol as a dsl provider if not then fix
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

BigDaveinNJ

Thread Starter
Joined
Jun 9, 2000
Messages
898
Thanks DEREK for your help. Made the reccomended changes concerning hijack this log. Please view the attached jpg. which shows the system32 folder contents. I looked in the subfolder DRIVERS and there were a bunch in there.

BTW... I tried to find a C/windows HOSTS folder but could NOT find any such folder. I wonder if this HOSTS folder is located somewhere else.

Same thing happened a little while ago to me.... I was unable to visit this site..... either by clicking on a favorite or typing it in manually.

The ONLY way I was able to get in here is by REPAIRING INTERNET EXPLORER. This time I only had to do it once, where as many times it takes two or three shots. Makes no sense to me why this keeps happening.

Thanks again :)

DAVID
 

Attachments

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
david

please send me a copy of your system32 folder and everything inside of it, including the drivers folder and all it's contents so I can get it analysed and see what is causing the problem

I suspect the whole system32 folder is a trojan/spyware folder

send to [email protected]
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
OK david

delete the entire system32 folder, it contains a hijacker that is causing your problems.

If it won't let you del;ete it in one go then delete the files one at a time and the the drivers folder inside there then the folders them selves. They are not genuine windows folders but nasties

there is no system32 folder in 98 or me
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Also empty your temprary internet files and any temp folders

search for temp and in any temp folder select all the files and delete them. I think this has made copies of itself inside the c:\windows\temp folder and will reinstate if not removed
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
this is how it got in
http://www.malware.com/

a hole that was plugged supposedly by M$ in several updates over the l;ast couple of years, so I would strongly advise you to make sure you go to windows update and get as many security patches as are available still for 98
 

BigDaveinNJ

Thread Starter
Joined
Jun 9, 2000
Messages
898
Thanks for all of your help Derek. Well, after following all of your suggestions, deleting the System32 folder and all its' contents, deleting all TIFs and going and downloading all critical updates I am STILL having the problem.

It took me 3 shots this time to get in here. I REPAIRED Internet Explorer 3 times in a row, followed by reboots and finally I am able to get in here.

It's just these sites. TECH SUPPORT GUY FORUMS, GOOGLE, WEB-ATTACK and CBS Sportsline. There MAY be others, but these are the sites I visit most.

I just don't know how a problem could be so site specific. WHY just these four sites? If I cannot get into one..... I cannot get into the others.

What does REPAIRING Internet Explorer do anyway? From a technical standpoint, what are you actually doing? And, although it will fix the problem, it's usually only temporary.

Has anyone heard of anything like this before?

Thanks again

DAVID
 
Joined
Nov 3, 2003
Messages
18
Had a similar situation a couple of years ago. Similar in that I could only access part of the internet. Turned out that my isp had a new guy on the block taking care of some of their equipment and he had mis set some settings on a server to filter some domains. Drove myself and a bunch of the other folks in our area nuts trying to figure out what was going on since the isp kept telling us it was something we were doing -- Do you know if anyone else on your isp is having the same problem? Eventually the isp fixed their end of the problem, but in the meantime we found a work around that involved downloading and installing a vpn client. Don't know for sure why that worked, but some of the guys figured that it reset some settings on our computers. Good luck!
 

BigDaveinNJ

Thread Starter
Joined
Jun 9, 2000
Messages
898
I do not feel that it is related to the ISP (NetZero) because I have had a laptop and another desktop on at the same time this is happening and they both work fine.

Whatever in the world is causing this.... REPARING Internet Explorer somehow fixes it, albeit usually only temporary.

This is such a pain, especially since I have dial-up.

I wonder if I have the most recent version of IE 6? View the attached jpg. for version info.

It just makes no sense to me. I guess I'll just see if anyone else has this problem.

Thanks again :)

DAVID
 

Attachments

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Dave

it sounds like there is a hosts file problem

do a search for hosts and when you find it open it in notepad and see if any entries relate to the problem sites

Note: hosts files are normally hidden files so make sure that you have all files set to show by opening explorer /tools/folder options/view and make sure that show hidden files & folders is ticked and hide protected operating system files is UNticked

and when you search use the option to search hidden & system files

you should find the hosts file in c:\windows in 98
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
I've found out this hijacker is a form of CWS

so Run CWshredder from
http://www.spywareinfo.com/~merijn/cwschronicles.html
and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection

see if that cures the problem
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top